From: yangyan <yangyanyj@chinamobile.com>
Date: Thu, 5 Mar 2020 03:15:39 +0000 (+0800)
Subject: Remove sudo capability for onap user for VF-C  ems docker
X-Git-Tag: 1.3.1^0
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F84%2F103084%2F2;p=vfc%2Fnfvo%2Fdriver%2Fems.git

Remove sudo capability for onap user for VF-C  ems docker

Change-Id: I5f327ea36125bbed257998c644cb1af4ef29b16e
Issue-ID: VFC-1640
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
---

diff --git a/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh b/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh
index 9cfdeea..c3a16c3 100644
--- a/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh
+++ b/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh
@@ -22,11 +22,9 @@ install_sf(){
 add_user(){
 
 	useradd onap
-	yum -y install sudo
-	chmod u+x /etc/sudoers
-	sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
-	chmod u-x /etc/sudoers
 	chown onap:onap -R /service
+	chmod g+s /service
+	setfacl -d --set u:onap:rwx /service
 }
 
 clean_sf_cache(){